Commit acde5a37 authored by hashworks's avatar hashworks
Browse files

Merge branch 'fix/sysusers' into 'master'

Make sure sysusers call actually generates users and groups

Closes #52

See merge request archlinux/archlinux-docker!53
parents 65afb6ca eb0c127b
......@@ -151,6 +151,8 @@ image:publish:secure:
- tags
.test-script: &test-script
- test "$(cat /etc/group | wc -l)" -gt 10
- test "$(cat /etc/passwd | wc -l)" -gt 10
- pacman -Sy
- pacman -Qqk
- pacman -Syu --noconfirm docker grep
......
......@@ -19,11 +19,13 @@ define rootfs
fakechroot -- fakeroot -- chroot $(BUILDDIR) update-ca-trust
fakechroot -- fakeroot -- chroot $(BUILDDIR) locale-gen
fakechroot -- fakeroot -- chroot $(BUILDDIR) sh -c 'ls usr/lib/sysusers.d/*.conf | /usr/share/libalpm/scripts/systemd-hook sysusers'
fakechroot -- fakeroot -- chroot $(BUILDDIR) sh -c 'pacman-key --init && pacman-key --populate archlinux && bash -c "rm -rf etc/pacman.d/gnupg/{openpgp-revocs.d/,private-keys-v1.d/,pubring.gpg~,gnupg.S.}*"'
ln -fs /usr/lib/os-release $(BUILDDIR)/etc/os-release
# add system users
fakechroot -- fakeroot -- chroot $(BUILDDIR) /usr/bin/systemd-sysusers --root "/"
# remove passwordless login for root (see CVE-2019-5021 for reference)
sed -i -e 's/^root::/root:!:/' "$(BUILDDIR)/etc/shadow"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment